Cybersecurity

1. Cybersecurity Threats and Vulnerabilities
   1. Types of Threat Actors
      1. Hackers
         1. Script Kiddies
            1. Use of premade scripts or tools
            2. Limited technical expertise
         2. Hacktivists
            1. Motivated by political or social causes
            2. Use of cyber tactics to spread messages or disrupt services
         3. Black Hat Hackers
            1. Engage in illegal cyber activities for profit
            2. Exploit vulnerabilities for personal gain
         4. White Hat Hackers
            1. Ethical hackers who find and report vulnerabilities
            2. Conduct security assessments for organizations
         5. Grey Hat Hackers
            1. Operate in the ambiguous area between white and black hat activities
            2. May exploit vulnerabilities but inform victims afterward
      2. Insider Threats
         1. Malicious Insiders
            1. Employees or contractors with intent to harm
            2. Data theft or sabotage
         2. Unintentional Insiders
            1. Human errors leading to data breaches
            2. Lack of cybersecurity awareness
      3. Nation-State Actors
         1. State-Sponsored Hackers
            1. Targeted attacks on other nations or corporations
            2. Use of advanced persistent threats (APTs)
         2. Cyber Espionage
            1. Stealing sensitive data for political or military advantage
            2. Focus on critical infrastructure and governmental data
      4. Cybercriminals
         1. Organized Crime Groups
            1. Highly organized and financially motivated
            2. Ransomware campaigns and financial fraud
         2. Lone Wolf Attackers
            1. Individuals acting independently
            2. May commit identity theft or credit card fraud
   2. Vulnerability Management
      1. Vulnerability Assessment
         1. Identification of vulnerabilities in systems and networks
         2. Use of automated tools and manual review
         3. Importance of regular assessment scheduling
      2. Penetration Testing
         1. Ethical hacking to identify exploitable weaknesses
         2. Simulation of real-world cyber attacks
         3. Report findings to improve security measures
      3. Patch Management
         1. Regularly updating software to fix security vulnerabilities
         2. Importance of timely patch deployment
         3. Automated vs. manual patch management processes
      4. Security Information and Event Management (SIEM)
         1. Centralized logging and reporting of security events
         2. Real-time analysis for threat detection
         3. Integration with incident response workflows
   3. Cyber Attack Vectors
      1. Email
         1. Phishing Attacks
            1. Deceptive emails to steal credentials or deploy malware
            2. Spear phishing targeting specific individuals or organizations
         2. Business Email Compromise (BEC)
            1. Fraudulent emails appearing to be from trusted sources
            2. Targeted attacks on corporate emails for theft
      2. Web
         1. Drive-by Downloads
            1. Unintentionally downloading malware from compromised websites
            2. Use of malicious ads or links
         2. Cross-Site Scripting (XSS)
            1. Injection of scripts into web pages to exploit user data
            2. Persistent vs. Non-persistent XSS
      3. Mobile
         1. Mobile Malware
            1. Malicious software targeting mobile devices
            2. Apps that request excessive permissions
         2. SIM Swapping
            1. Hijacking phone numbers to access accounts
            2. Used for bypassing two-factor authentication
      4. Internet of Things (IoT)
         1. Device Vulnerabilities
            1. Weak default credentials on IoT devices
            2. Lack of firmware updates
         2. Botnets
            1. Network of compromised IoT devices used for massive attacks
            2. Example: DDoS attacks exploiting IoT networks
            3. Device management challenges in diverse environments